My Evil Undead Credit Card

A few months ago I had tried asking for a new card with a new number, in the past that always worked to clear out all the BS recurring charges (gym memberships, etc.). The charges blasted right through that new card.

I wrote the blog post because I was surprised in the change in the law that allows credit card banks to continue to push recurring merchant charges even after a card had been claimed lost or stolen.

But it turns out it’s even worse than that. Yesterday I received a bill for that cancelled credit card. The account was closed, said the bill, but there was a new charge for $40.

Say what?

I called Chase. They told me that even though I had cancelled the card merchants could continue to bill me.

Basically, any merchant that had a recurring billing relationship with me can keep billing that card even though it is a closed account. All I can do is pay the charges or go through the dispute resolution procedure.

This raises an interesting philosophical question – How does Chase manage to continue to accept charges on my behalf when we’ve ended the contractual relationship? Can an account really be called “closed” when people can still run charges through it?

54 thoughts on “My Evil Undead Credit Card”

I had the same thing happen with a Bank of America card (which I stopped using and felt the charge shouldn’t have gone through since the number was stolen with the Playstation hack awhile ago). What really annoyed me is that they won’t tell me if there was any other recurring charges that they knew about.

I had a similar issue with American Express except they quickly removed the charges and blocked the merchant. The American Express rep told me that the reason recurring charges are still processed after a new card number is issued is for consumer convenience. It prevents having to update your card with a ton of different services, but the fraudulent possibility that comes with that convenience isn’t worth it for me.

Ok, sure it’s real. But there’s zero logic behind Chase telling the world that they’ll randomly accept charges on behalf of a person that they have no credit card relationship with. They should simply tell the merchant that the account is closed and that they need to deal with it on their own, through collections or small claims or whatever.

That’s an easy to understand business risk. What’s happening now makes no contractual or economic incentive sense. All it will do is make people much less secure using their credit cards, which is bad for everyone.

For example, under no circumstances would I even consider joining a gym now and giving them my credit card. There would have to be some other way to pay.

Well, the other thing, I think indifference is the culprit vs. a willful attack. I think that they have a policy that makes some sense (i.e. if your card expires, the merchant relationship remans, so you don’t have to reenter your cards). They have a byproduct (this sort of nonsense) and they figure that the collateral damage isn’t that severe (you, Mike, are a living edge case), and that’s that.

Yes, but if you cancel your card due to fraudulent charges (report it stolen), they still don’t actually cancel it. If you’ve used that card at say Amazon and the thief charges something at Amazon, they allow the charge to go through on a reported STOLEN card because you’ve used that merchant before (they’ll call it a recurring vendor or something). If you don’t catch the fraudulent charge, YES you do have to pay it! We’ve spent hours on hours trying to get monitor past, STOLEN card numbers as well as to get them canceled forever. Even told them that if it’s used to pay a life support bill for us we don’t want the charge to go through… 6 more fraudulent charges this month! It’s maddening!

I was talking to an engineer from Dwolla about a week ago, and he was talking about the way they do authentication. It sounded like every time you make a request to the merchant, they get an OAuth token (like WordPress just got from my Twitter). He said that the token contained how much had been authorized, and that unlike a credit card or a bank account, the merchant can’t ask for more money (without you typing in a pin again). I don’t know how recurring payments work.

Combined with the fact that tokens generally break when you change password, it sounds like it’s a lot safer for the end user (though my understanding is that banks generally take on fraud risk rather than the user, but I guess the friction is the paperwork)

This sort of scenario is actually pretty common in the trucking industry where single use card numbers with pre-set values are the norm. Companies like Wright Express (http://en.wikipedia.org/wiki/Wright_Express) have built businesses out of only allowing X dollars to be spent on Y card and then having all of the cards trickle up to a master account controlled by the head office.

In MA’s case, it sounds like a case of the bank not wanting to do what’s right, and not a network limitation with Visa or MC.

I hope you do go all the way with this and document it. You have an advantage most of us don’t — you’re a lawyer. At least you won’t have to run up a huge legal bill to challenge the charge. Also, why not say who the vendor is who’s charging this? We can all try to stop doing business with them too. There are other costs that might concern them.

Interesting this is also the problem with web 2.0 business models. You’re not Chase’s customer as much as the vendor is. They pay them, with the 3 percent fees. Your value to them is that you keep spinning the wheel. Just like when you use Facebook or Twitter.

All respect to Mike, but even he can’t imagine his legal prowess & resources can out-manuever/out-last the big credit card corporations. For the kind of change necessary to stop the OP’s documented madness, we’re talking class action (of which MA might certainly be the proverbial match to light the fire.)

from my previous post on this, it was all supposedly started a year and a half ago from some Congressional act. I don’t really think there is a legal way to fight it unless the courts can find it unconstitutional (which I don’t see happening).

I’m pretty sure this isn’t new. I spent 12 years at AOL (spanning not one but TWO cancellation-related AG settlements) and I remember complaints about this happening to members; likewise, I’ve had it happen to me. So either it’s not completely new, or it was prohibited for a while and then wasn’t.. or something. Boy, this detailed explanation should help you.

On the flip side, we had a really good experience with Chase earlier this year when our card got cloned 3x in 3 months. Their fraud prevention team was extremely easy to work with, removed all the bad charges promptly, and the paperwork on our end was minimal.

We eventually figured out where the problem was coming from – a local restaurant – and we no longer use a credit card when buying from them. Haven’t had a problem since.

So what’s the alternative to a credit card, other than cash? A debit card, where your money is stolen/taken immediately with no recourse? At least with a credit card, you’ve got ~30 days to see a bad charge. Then you’ve got ~60 days to file a dispute with the card issuer. Just do it immediately upon seeing the bad charge.

You do raise a great point about the danger of the card issuer “helpfully” forwarding charges to your new card.

Never get a bank ATM card (debit card) with a credit card affiliation (MasterCard or VISA). Banks issue those by default but just ask for one without the credit feature. Because if you are not entering a PIN to purchase then yes the money can disappear quickly if the card is stolen.
(yeh yeh late post no one will read whatever)

having worked for a SAAS company with low-end recurring charges, you’d be floored how many of the customers dispute the charges that they willingly signed up for. the guy on the phone isn’t lying – it’s a real issue, and it costs the merchant ~$25 each time with almost no way to win

I don’t care. The situation now is that the consumer can’t win, and a bank is willing to unilaterally reopen a closed account to become the agent of the merchant. That isn’t any kind of reasonable solution to consumer fraud. It’s a cash grab by merchants and banks.

Screwed over merchants have other recourse than this. What if any time I wrote a check to someone they could just go back and grab more and there was nothing I could do about it? This is the same thing.

If you worked at a saas company with a lot of chargebacks, I’d argue that you were miscommunicating your billing and should have been clearer.

In addition to Mike’s point about clarity of billing, did you have decent customer service for handling complaints? I worked at a daily-deal company and over two years we had only 3 chargebacks. This was because when we got complaints we dealt with them, and if the customer wanted to back out of a purchase we refunded their money or (if we’d already paid the service provider) gave them an account credit. At a SaaS company where the marginal cost is zero there’s no reason not to simply issue a refund to any dissatisfied customer. That they willingly signed up may be true, but is feeling morally superior worth a chargeback?

If someone doesn’t pay, stop their service via your software. Unless you’re providing a huge amount of customer service, hardware or reselling something else, the ‘cost’ of having an extra account in your system doesn’t cost much. If I was using a service and stopped paying, I would expect the service to stop (and eventually delete my data).

Chase is a by far, the WORST credit card company EVER. They bought out my original credit card company, so I was stuck with them for a while. After dealing with their terrible customer service and malicious corporate policies, I paid it off and cancelled it as soon as I could. I have had much better experiences with other credit card companies.

When are they going to learn that you cannot treat customers like trash?

I have tried to switch all of my recurring payments to PayPal. This gives me an extra level of protection ( I can always remove a credit card, disallow access, etc.). You do have to add a bank account, so I wonder, even if I closed a bank account, could a merchant continue to bill an account, which would result in overdraft fees?

This happened to me once, I changed my credit card and a recurring payment (which I changed my card to avoid) went through – I called Commbank and it was reversed and blocked by the time I was off the phone. I really think it just depends on the particular bank. Also I imagine Australian consumer law is (at least slightly) different to the US

Bitch, bitch, bitch….this is a system that actually totally disrupted the existing technology (cash) when it was introduced and by introducing electronic authorization completely changed underwriting. You have every opportunity to opt out and use Dwolla

At least you’d be happy to know that credit card companies award chargebacks to the consumer 95% of the time. As someone who receives credit-card payments, once a chargeback comes through we don’t ever bother fighting it (even though it’s often obvious fraud, ie. buyers remorse).

You can also chargeback on payments made months ago – you can basically issues chargebacks on all the past payments you think were not made in good faith. Each costs the merchant at least 35$ on the spot and more time and money to deal with if they decide to challenge it. That should make them give up charging you.

Happened to me with an AMEX. In my case it was a recurring Netflix charge that someone has signed up for using my old number. I also had my own Netflix account, and somehow didn’t catch the duplicate charges for many many months. To their credit, AMEX wiped them all clear though the dispute process and explained the whole pass-through-the-charges from “trusted entity” thing. Since Netflix was a “trusted entity” they allowed the charges to pass-through even though my original card had been canceled – but I don’t think it should work that way. A canceled card should completely cease to function.

maybe *some day* the whole ‘trusted entity’ thing will be optional, and banks can make money off of it. really, i’m not sure why they haven’t yet, especially if the old process was causing them extra customer service costs.

“Would you like our “ChargeKeeper(tm)” service? It makes sure you never miss a payment on all your automatic charges – never miss your cable bill, car payment or gym membership, even if your card is lost or stolen! Only $1.99/month!”

Or… $1.99/month to ‘opt out’ of that service (like paying for an ‘unlisted’ number).

I’ve also had this happen with Chase. After the account was closed, I had to then report the card stolen AND jump through some hoops to get them to stop accepting the recurring charges. Though, this was some time ago (6 years or so).

Recently my wife lost get Discover card and they had similar steps for the recurring fraudulent charges. Ultimately, I didn’t pay for any of them.

That said, get an AmEx and you’ll never have any of those problems. I’ve had fraudulent charges show up and instead of issuing a new card/number, they block the merchant that kept sending the transactions. That’s just awesome.

You can always check with the credit card company to see if there are any recurring payments and cancel them, I had to do this step with PayPal as well, had the PayPal rep not highlighted this to me i would have stuck with recurring payments too.

I have had to dispute fraudulent and unwanted charges, and the paperwork did not seem like that big a deal to me. Different processes with different banks (one bank for me, different bank for my sister), but none seemed onerous. And it should stop a recurring charge in its tracks. With Wells Fargo, I just called the bank and they took care of it without me having to do anything else. Just go through the “dispute a charge” procedure.

This post reminds me of the other day when the ATM allowed me to mistakenly pull $200 out of my business account when I meant to use my personal account ATM card. The next day I had 2 overdraft charges because the money wasn’t in that account it was in my personal one. When I called the bank I asked them why the ATM let me use an account with no money in it. Their response was that since it was a business account the ATM provided the funds, But if it was my personal account with no funds the transaction would have been declined. This cost me $70 in overdraft fees. Go figure…

Try this: Spin up a one-time use “virtual” credit card. Change your account to use that card. Then cancel it the virtual card. Maybe they won’t be able to jump from the virtual number back to your real card number.

Mike – Have you considered the route of disputing this issue relative to FDCPA or FCRA? I did this very successfully in two instances; in one of them the creditor actually settled with me for 7K because they violated both federal and state regulations. I simply sent a certified letter (a template I now love) disputing the charge and threatened action if they attempted to bill me again under several stipulations of the FCRA (http://www.ftc.gov/bcp/edu/pubs/consumer/credit/cre27.pdf). One of the disputes ended in a quick resolution and the other ended in me filing a few forms with small claims (http://www.courts.ca.gov/9744.htm) and a quick settlement. I have no doubt you are aware of these options, but I think that this is your best route…it has worked for me.

Same thing here. I used my visa debit for a one time Exquifax credit report and then for several months I had reoccuring charges for $12.95 and then $14.95 in addition to the $12.95. When i realized this was happening I called Equiax and cancelled the service and then cancelled my bank card. Fast forward to October this year and I notice a $12.95 charge from my bank account from Equifax. I looked back thru my monthly statement going a year back to when I cancelled the service and the card to find that Equifax did stop charging my account for two months but then somehow they started the monthly charges again not only on my old cancelled visa debit card for $12.95 and $14.95 ever month but also charged $14.95 a month on my new visa debit card that I’ve never given them the number for. To add more insult to injury when I try to sign in to Equifax ( this was not 3rd party but their direct website) my sign in information takes me to the payment page wanting an updated credit card number before using the site however they’ve billed me on 2 different card numbers 3 different times every month since Feb this year but will not allow use of the site without a updated card number. I have no use for the service but just wanted to cancel all information they have for me. This is gonna take some time to fix due to Regions Bank is horrible about customer service issues and getting Equifax to remove, delete, cancel or whatever I have to do to get my billing information removed from their system. Possibly close my bank account I guess and go somewhere else.